A remote attacker could exploit these vulnerabilities in Python
applications or daemons that pass user-controlled input to vulnerable
functions. Exploitation might lead to the execution of arbitrary code
or a Denial of Service. Vulnerabilities within the hashlib might lead
to weakened cryptographic protection of data integrity or authenticity.

Workaround :

There is no known workaround at this time.

See also :

http://www.gentoo.org/security/en/glsa/glsa-200807-16.xml

Solution :

All Python 2.4 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-lang/python-2.4.4-r14'
All Python 2.5 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-lang/python-2.5.2-r6'
Please note that Python 2.3 is masked since June 24, and we will not be
releasing updates to it. It will be removed from the tree in the near
future.

Training & Certification

The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.